CN103516671B - The access processing method and access device and access terminal of a kind of customer service - Google Patents
The access processing method and access device and access terminal of a kind of customer service Download PDFInfo
- Publication number
- CN103516671B CN103516671B CN201210206907.4A CN201210206907A CN103516671B CN 103516671 B CN103516671 B CN 103516671B CN 201210206907 A CN201210206907 A CN 201210206907A CN 103516671 B CN103516671 B CN 103516671B
- Authority
- CN
- China
- Prior art keywords
- access
- authentication
- channel
- access terminal
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Small-Scale Networks (AREA)
Abstract
The invention discloses a kind of access processing method of customer service and access device and access terminal, authentication business channel and the non-authentication service channel for being connected to access terminal is arranged in access device;The access device carries out user data access in access terminal access authentication success by the authentication business channel, is accessed in the access terminal and passes through the non-authentication service channel progress user data access when unverified or access authentication fails.This programme can solve user, and not initiate the application that user in the case of certification or authentification failure can not access caused by certain controlled websites inconvenient.
Description
Technical field
The present invention relates to the access processing method and access device of wireless communication field more particularly to a kind of customer service and
Access terminal.
Background technology
Family gateway equipment is the equipment that home network is attached with access network, family as a kind of access terminal
Gateway device is connected with subscriber terminal equipment, and the network that can control user terminal accesses.The network side of family gateway equipment can
To connect access node apparatus, such as:Digital Subscriber Line access device, passive optical network optical line terminal, Ethernet-Aggregation are set
It is standby.
As shown in Figure 1, access terminal (such as family gateway equipment) can complete the certification of equipment by authentication protocol, recognize
It includes IEEE 802.1x agreements to demonstrate,prove agreement, and home gateway is as certification promoter, and access device is as authentication points, access device
After receiving authentication information, interacted with certificate server by other authentication protocols, by family gateway equipment, access device and
The certification of user is completed in the interaction of certificate server.
Identifying procedure as shown in Figure 2 only has the user by certification that could obtain network and accesses according to 802.1x agreements
Permission, non-authentication user or authentification failure user cannot access network.
In the case where user does not initiate certification or authentification failure, user may need to access certain controlled websites,
And then obtain relevant information or download related software and obtain further operation, network authorization can be obtained to realize, such as
Online payment etc., but flow in the prior art cannot achieve and meet above application requirement.
Invention content
The technical problem to be solved in the present invention is to provide a kind of access processing method of customer service and access device and connect
Enter terminal, solving user in the case that user does not initiate certification or authentification failure can not access caused by certain controlled websites
Application it is inconvenient.
In order to solve the above technical problem, the present invention provides a kind of access processing methods of customer service, wherein access
Authentication business channel and the non-authentication service channel for being connected to access terminal is arranged in equipment;The access device is whole in the access
User data access is carried out by the authentication business channel when holding access authentication success, is accessed in the access terminal unverified
Or user data access is carried out by the non-authentication service channel when access authentication failure.
Further, the above method can also have the characteristics that:
The access terminal configures the information of the non-authentication service channel in user-side port and matches when certification is successful
Set the information in the authentication business channel.
Further, the above method can also have the characteristics that:
The access terminal configures the information of the non-authentication service channel in user-side port, and access is unverified or connects
When entering authentification failure, the data received from the authentication business channel are passed through the non-authentication service channel by the access device
Forwarding.
Further, the above method can also have the characteristics that:
The gap marker of the data received from the authentication business channel is modified as the non-authentication by the access device
The mark of service channel.
Further, the above method can also have the characteristics that:
The service channel is the logical channel of virtual LAN or passive optical network or the Virtual Channel of digital subscriber line,
The logical channel of the passive optical network is gigabit passive optical network generic encapsulation port or Ethernet passive optical network logic
Link identifier.
In order to solve the above technical problem, the present invention provides a kind of access devices, wherein the access device includes logical
Road configuration module, receiving module and access processing module;
The channel configuration module is led to for the authentication business channel for being connected to access terminal and non-authentication business to be arranged
Road;
The receiving module, for receiving the access by the authentication business channel or the non-authentication service channel
The access data of terminal;
The access processing module, for passing through the authentication business channel in access terminal access authentication success
User data access is carried out, is accessed in the access terminal logical by the non-authentication business when unverified or access authentication fails
Road carries out user data access.
Further, above-mentioned access device can also have the characteristics that:
The access processing module is specifically used for, in access terminal access authentication success, passing through the certification industry
Business channel carries out user data access.
Further, above-mentioned access device can also have the characteristics that:
The access processing module is specifically used for when the access terminal accesses unverified or access authentication and fails, will
The data received from the authentication business channel are forwarded by the non-authentication service channel.
In order to solve the above technical problem, the present invention provides a kind of access terminals, wherein the access terminal includes matching
Set module, AM access module;
The configuration module, the authentication business that access terminal is connected to for configuring access device in user-side port lead to
The information in road or the information of non-authentication service channel;
The AM access module, for carrying out user data access by the user-side port.
Further, above-mentioned access terminal can also have the characteristics that:
The configuration module, after being additionally operable to the information for configuring the non-authentication service channel in the user-side port,
In access terminal certification success, the information in the authentication business channel is configured in the user-side port.
This programme can solve user do not initiate user in the case of certification or authentification failure can not access it is certain controlled
Application caused by website is inconvenient.
Description of the drawings
Fig. 1 is the connection relationship diagram of access terminal and access device and certificate server;
Fig. 2 is the flow diagram that access terminal is authenticated under IEEE 802.1x agreements;
Fig. 3 is the schematic diagram of the access processing method of customer service in embodiment.
Specific implementation mode
Access terminal can connect multiple user equipmenies, and each equipment can use different authentication business channels into line number
According to transmitting-receiving.Judged according to the authentication state of access terminal in this programme, controlled accordingly, realizes conforming to for user
The access asked.
As shown in figure 3, the access processing method of customer service includes:The certification for being connected to access terminal is arranged in access device
Service channel and non-authentication service channel;Access device passes through the authentication business in access terminal access authentication success
Channel carries out user data access, is accessed when unverified or access authentication fails in the access terminal and passes through the non-authentication industry
Business channel carries out user data access.
Embodiment one
Access terminal configures the information of the non-authentication service channel in user-side port, when certification is successful, in user
It configures the information in the authentication business channel in side ports, when unverified or authentification failure, keeps the configuration in user-side port.
Embodiment two
Access terminal configures the information in authentication business channel in user-side port, and access terminal is unverified or access authentication
When failure, access device forwards the data received from the authentication business channel by the non-authentication service channel.Specifically
, the gap marker of the data received from the authentication business channel is modified as the non-authentication service channel by access device
Mark;When carrying out access and certification success by the user-side port, the configuration in user-side port is kept.
Service channel in this method is the logical channel or digital subscriber line of virtual LAN or passive optical network
(DSL) logical channel of Virtual Channel (VC), passive optical network is gigabit passive optical network (GPON) generic encapsulation port
(GEM) or Ethernet passive optical network (EPON) logical link identifier (LLID).
The configuration information in channel can dynamically update, such as can be matched by management passage or non-authentication service channel
Set update.
Access device in this programme includes channel configuration module, receiving module and access processing module.
The channel configuration module is led to for the authentication business channel for being connected to access terminal and non-authentication business to be arranged
Road;
The receiving module, for receiving the access by the authentication business channel or the non-authentication service channel
The access data of terminal;
The access processing module, for being carried out by the authentication business channel in the success of access terminal access authentication
User data accesses, and when access terminal accesses unverified or access authentication and fails, passes through the non-authentication service channel and carries out
User data accesses.
Corresponding to the scene of embodiment one, access processing module is specifically used in access terminal access authentication success
When, user data access is carried out by the authentication business channel.
Corresponding to the scene of embodiment two, access processing module is specifically used for accessing unverified in the access terminal or connect
When entering authentification failure, the data received from the authentication business channel are forwarded by the non-authentication service channel.
Access terminal in this programme includes configuration module, AM access module.
The configuration module, the authentication business that access terminal is connected to for configuring access device in user-side port lead to
The information in road or the information of non-authentication service channel;
The AM access module, for carrying out user data access by the user-side port.
Corresponding to the scene of embodiment one, configuration module is additionally operable to configure the non-authentication industry in the user-side port
It is engaged in after the information in channel, in access terminal certification success, it is logical that the authentication business is configured in the user-side port
The information in road.
This case is described in detail below by specific embodiment.
Specific embodiment one
Access device configures N-1 authentication business channel VLAN2 to VLAN N+1 and 1 non-authentication service channel VLAN
1.Access device notifies the configuration information in each channel to the service channel of access terminal.
Non-authentication service channel VLAN 1 is configured to N number of user-side port 1 to user-side port N by access terminal.
If access terminal carry out access procedure in unverified or authentification failure, access terminal keep user-side port 1 to
The non-authentication service channel VLAN 1 configured on user-side port N.Access device keeps the configuration of former service channel, is recognized by non-
It demonstrate,proves service channel VLAN 1 and carries out user data access.
If access terminal carries out certification success in access procedure, access terminal deletes user-side port 1 to user side
The non-authentication service channel VLAN 1 configured on mouth N, authentication business is respectively configured in user-side port 1 to user-side port N
Channel VLAN 2 arrives VLAN N+1.Access device keeps the configuration of former service channel, passes through non-authentication business by access device
Channel VLAN 1 carries out user data access.
Corresponding DSL subscriber, access terminal can be the user gateway of DSL, and corresponding PON equipment, access terminal can be PON
ONU.
Specific embodiment two
Access device configures N-1 authentication business channel VLAN 2 and arrives VLAN N+1 and 1 non-authentication service channel VLAN
1.Access device notifies the configuration information in each channel to the service channel of access terminal.
Authentication business channel VLAN 2 to VLAN N+1 is configured in order N number of user-side port 1 to user by access terminal
Side ports N.
If access terminal carries out certification success in access procedure, access device keeps the configuration of former service channel, passes through
Authentication business channel VLAN 2 carries out user data access to VLAN N+1.
If access terminal carries out unverified or authentification failure in access procedure, it is constant that access terminal keeps first wife to set, and connects
Enter equipment to forward the data received from authentication business channel VLAN 2 to VLAN N+1 by non-authentication service channel VLAN 1,
Such as the gap marker for accessing data is revised as VLAN 1 (non-authentication service channel) from VLAN2 (authentication business channel).
Access terminal can only all access non-authentication business in spite of by certification.Access terminal can with access device
It is controlled with the flow etc. for non-authentication service channel.
Corresponding DSL subscriber, access terminal can be the user gateway of DSL, and corresponding PON equipment, access terminal can be PON
ONU.
Corresponding dsl device, service channel can also be PVC.
For PON equipment, service channel can also be the LLID of the GEM port or EPON of GPON.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually arbitrary combination.
Certainly, the invention may also have other embodiments, without deviating from the spirit and substance of the present invention, ripe
Various corresponding change and deformations, but these corresponding change and deformations can be made according to the present invention by knowing those skilled in the art
The protection domain of appended claims of the invention should all be belonged to.
One of ordinary skill in the art will appreciate that all or part of step in the above method can be instructed by program
Related hardware is completed, and described program can be stored in computer readable storage medium, such as read-only memory, disk or CD
Deng.Optionally, all or part of step of above-described embodiment can also be realized using one or more integrated circuits.Accordingly
Ground, the form that hardware may be used in each module/unit in above-described embodiment are realized, the shape of software function module can also be used
Formula is realized.The present invention is not limited to the combinations of the hardware and software of any particular form.
Claims (10)
1. a kind of access processing method of customer service, wherein
Authentication business channel and the non-authentication service channel for being connected to access terminal is arranged in access device;
The access device carries out user data in access terminal access authentication success by the authentication business channel
Access accesses in the access terminal and passes through the non-authentication service channel progress number of users when unverified or access authentication fails
According to access.
2. the method as described in claim 1, which is characterized in that
The access terminal configures the information of the non-authentication service channel in user-side port, when certification is successful, configures institute
State the information in authentication business channel.
3. the method as described in claim 1, which is characterized in that
The access terminal configures the information of the non-authentication service channel in user-side port, and access is unverified or access is recognized
When card failure, the access device turns the data received from the authentication business channel by the non-authentication service channel
Hair.
4. method as claimed in claim 3, which is characterized in that
The gap marker of the data received from the authentication business channel is modified as the non-authentication business by the access device
The mark in channel.
5. the method as described in claim 1, which is characterized in that
The service channel is the logical channel of virtual LAN or passive optical network or the Virtual Channel of digital subscriber line, described
The logical channel of passive optical network is gigabit passive optical network generic encapsulation port or Ethernet passive optical network logical links
Identifier.
6. a kind of access device, wherein the access device includes channel configuration module, receiving module and access processing module;
The channel configuration module, for the authentication business channel and the non-authentication service channel that are connected to access terminal to be arranged;
The receiving module, for receiving the access terminal by the authentication business channel or the non-authentication service channel
Access data;
The access processing module, for being carried out by the authentication business channel in access terminal access authentication success
User data accesses, when the unverified or access authentication of access terminal access fails by the non-authentication service channel into
Row user data accesses.
7. access device as claimed in claim 6, which is characterized in that
The access processing module is specifically used in access terminal access authentication success, logical by the authentication business
Road carries out user data access.
8. access device as claimed in claim 6, which is characterized in that
The access processing module is specifically used for when the access terminal accesses unverified or access authentication and fails, will be from institute
The data that authentication business channel receives are stated to forward by the non-authentication service channel.
9. a kind of access terminal, wherein the access terminal includes configuration module, AM access module;
The configuration module, the authentication business channel for being connected to access terminal for configuring access device in user-side port
The information of information or non-authentication service channel;
The AM access module, for carrying out user data access by the user-side port.
10. access terminal as claimed in claim 9, which is characterized in that
The configuration module, after being additionally operable to the information for configuring the non-authentication service channel in the user-side port, in institute
When stating access terminal certification success, the information in the authentication business channel is configured in the user-side port.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210206907.4A CN103516671B (en) | 2012-06-21 | 2012-06-21 | The access processing method and access device and access terminal of a kind of customer service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210206907.4A CN103516671B (en) | 2012-06-21 | 2012-06-21 | The access processing method and access device and access terminal of a kind of customer service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103516671A CN103516671A (en) | 2014-01-15 |
| CN103516671B true CN103516671B (en) | 2018-08-07 |
Family
ID=49898721
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210206907.4A Expired - Fee Related CN103516671B (en) | 2012-06-21 | 2012-06-21 | The access processing method and access device and access terminal of a kind of customer service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103516671B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108366083B (en) * | 2017-07-03 | 2021-02-26 | 新华三技术有限公司 | Method and device for preventing user network access from being interrupted |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1505331A (en) * | 2002-12-04 | 2004-06-16 | 华为技术有限公司 | Method for realizing port based identification and transmission layer based identification compatibility |
| CN1659909A (en) * | 2002-05-13 | 2005-08-24 | 汤姆森特许公司 | Seamless public wireless local area network user authentication |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100421403C (en) * | 2005-06-29 | 2008-09-24 | 华为技术有限公司 | Identification insertion system and identification inserting method thereof |
| CN101166093A (en) * | 2007-08-22 | 2008-04-23 | 杭州华三通信技术有限公司 | An authentication method and system |
-
2012
- 2012-06-21 CN CN201210206907.4A patent/CN103516671B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1659909A (en) * | 2002-05-13 | 2005-08-24 | 汤姆森特许公司 | Seamless public wireless local area network user authentication |
| CN1505331A (en) * | 2002-12-04 | 2004-06-16 | 华为技术有限公司 | Method for realizing port based identification and transmission layer based identification compatibility |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103516671A (en) | 2014-01-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11196583B2 (en) | Method and system for establishing a service path in a communications network | |
| CN1864390B (en) | Method and apparatus for providing network security using security labeling | |
| US9124485B2 (en) | Topology aware provisioning in a software-defined networking environment | |
| CN101414907B (en) | Method and system for accessing network based on user identification authorization | |
| CN106921437B (en) | A kind of method and apparatus for establishing virtual access node in optical access network | |
| CN103262486B (en) | For forwarding method and the device of the strategy of applications client association in engine | |
| EP2922322A1 (en) | Method and system for wireless local area network user to access fixed broadband network | |
| US9749934B2 (en) | Systems and methods for integrating wireless local area networks on extended bridges | |
| CN110266576A (en) | Audio communication method and device | |
| CN103957566A (en) | Bandwidth control method and bandwidth control equipment | |
| CN109981329A (en) | Determine the method, equipment and system of network equipment connection relationship | |
| CN102571353B (en) | The method of verifying legitimacy of home gateway in passive optical network | |
| CN106375123B (en) | A kind of configuration method and device of 802.1X certification | |
| CN107040495A (en) | It is a kind of to be applied to industrial communication and the multi-stage combination identity identifying method of business | |
| CN108738019A (en) | User authen method in converged network and device | |
| CN104009972A (en) | Network security access authentication system and authentication method thereof | |
| CN103516760B (en) | A kind of Virtual Networking System cut-in method, apparatus and system | |
| JP2016531464A (en) | Secure service management in communication networks | |
| US9553861B1 (en) | Systems and methods for managing access to services provided by wireline service providers | |
| CN103516671B (en) | The access processing method and access device and access terminal of a kind of customer service | |
| CN103051594A (en) | Method, network side equipment and system of establishing end-to-end security of marked net | |
| US20210266234A1 (en) | Over The Top Access Framework and Distributed NFVI Architecture | |
| CN103209107A (en) | Method for realizing user access control | |
| ES2906350T3 (en) | A self-provisioning method, system and software product for SDN-based FTTH backhaul, backhaul or front-end mobile base stations | |
| JPWO2020004498A1 (en) | Service start method and communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180807 Termination date: 20200621 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |